Category Archives: Facebook

Reinventing the Web

Tim Berners-Lee
We’ve seen some successful technical “reinventions” of the Web, such as HTTP/2 and HTML5 making sites faster and more responsive. This “Web’s Creator Looks to Reinvent It” initiative is not new, though; I will come to that later.

There are a number of issues that have concerned many people, not just in the IT Security industry, but many regular internet users.

Take Snowden’s leaks: whatever you may think of the rights and wrongs of him making these disclosures, the lengths government agencies go to in order to snoop are a concern to anyone who understands them.

Facebook have been accused of meddling in US elections and Google has been caught out manipulating Brexit searches. There are many other cases, along with promises that they are not, that it’s too complex to understand, etc. But really, do you believe them? Maybe you don’t care.

Google does have many alternatives. A couple are duckduckgo.com, which addresses the bias, and startpage.com, which addresses the privacy issues, but neither has picked up many users. Maybe if the close to half of English users who support leaving the EU were aware there was an alternative, unbiased search engine, they would use it. I tend to use Google a lot, as I use a lot of tools that only they have (Dorks etc.), but I am sure that is not the reason for the loyalty shown by the majority of users; I think it is just familiarity and lack of knowledge of an alternative.

Facebook, now that’s an interesting one. They really have a monopoly in the Western world; there were a few competitors in the early days, but they are all gone now. Facebook has become a huge part of people’s lives. I default to Skype if I need to contact friends or family, but there are some who will only respond to Facebook Messenger contact.

There have been a number of open source alternatives, and to reinvent the Web as Tim Berners-Lee suggests, an open source alternative to Facebook is what would be needed. The most up-to-date and vibrant alternative is the diaspora project; much of the initial funding came from Mark Zuckerberg (Facebook founder). It works, and I have set up a few diaspora servers myself, but it is now impossible to unhook a large enough proportion of the population from Facebook and get them involved in anything else; that is the nature of social networking.

Put it another way, not one of the top ten celebrities on Facebook has a diaspora* account. I bet none in the top 100 do either, but it would take me too long to confirm that.

I suspect that this very well-meaning group of the technically able can create alternatives, but they do not have the ability to get people to switch over.

Securing a Facebook Account from hackers

This has come up a few times over the last few years. It may be a form of cyber bullying (taking your account from you), an automated bot that’s set to spam your friends, or the more determined targeting of page administrators with the sole purpose of destroying a highly popular community page, which is what I have just been made aware of.

I have seen a number of community pages destroyed like this: they hack one of the administrators’ accounts, and the hacker then has the ability to remove all the other admins, elevate the privileges of some of his friends and trash the page, or simply remove himself, leaving the page orphaned. Here’s my advice:

A first line of defence to think about: if no one knows who the admins of a page are (unlike with groups, page admins are not publicized on Facebook), the hackers don’t know which accounts to hack. Secondly, if you hide your email address from the public, or even from your friends, that reduces the chance that they hack your email first and then use it to do a simple “password reset”, which I have seen done quite a few times. The other one I have seen is where the hacker knows enough personal details to reset the password by answering security questions; they may have acquired the information using social engineering, or simply be a family member.

To hide your email address, go to “about” (next to the timeline tab), click “edit” on the “contact information” section, and choose appropriate restrictions from the little drop-down. Hidden from timeline might be appropriate here.

The bulletproof way of securing your account, unless the hacker has control of your mobile phone, is to add mobile phone security. Even if your attacker has your username and password, they cannot log in from a browser that has not previously been logged in without a short code sent to your mobile phone first. To achieve this, you first need to have added a mobile number to your account (see the instructions above: “edit” on the “contact information” section). Then go to the security settings page (just under “General Settings”), click “edit” on the “Login Approvals” section, tick the box “requires a security code…” and save. This security settings page also has some other neat features: the “code generator” allows you to create some pre-created codes in case you don’t have access to your mobile. You can also add some “trusted contacts” that could help you recover your account in the event you lost control of it. You can also see where your account is being logged in from right now, as well as a history of logins.

As with all security, if you are securing a Facebook page or group, security is only as strong as the weakest account that has administrator privileges. My advice, if you are under imminent or current attack, would be to temporarily remove all but those administrators till they get their own accounts locked down.

Facebook do have an official security page, but it is aimed at the more technically competent (geeks). They announce new security features all the time, so it’s a good one to follow.

If you come unstuck or want help in creating a safe space on Facebook let me know.